Iwd: Difference between revisions

From NixOS Wiki
imported>Makefu
add gnome-keyring remark
Onny (talk | contribs)
Configuration of eduroam networks
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.
[https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ iwd] (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.


= Using iwd =
== Setup ==


iwd can be enabled with the following snippet.
iwd can be enabled with the following snippet.
Line 9: Line 9:
</syntaxhighlight>
</syntaxhighlight>


== Usage ==
Connections can be managed using the provided {{ic|iwctl}} tool.
Connections can be managed using the provided {{ic|iwctl}} tool.


== iwd as backend for NetworkManager ==
== Configuration ==
 
To configure iwd, you should use <code>networking.wireless.iwd.settings</code> option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:
<syntaxhighlight lang="nix">
{
  networking.wireless.iwd.settings = {
    IPv6 = {
      Enabled = true;
    };
    Settings = {
      AutoConnect = true;
    };
  };
}
</syntaxhighlight>
 
For a detailed and up-to-date list of available settings, please reference the [https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/iwd.network.rst network daemon configuration docummentation], from kernel Git repo.
 
=== Eduroam (WPA2 Enterprise) network ===
[https://eduroam.org Eduroam] wireless networks need to get configured manually by creating following file <code>/var/lib/iwd/eduroam.8021x:</code><syntaxhighlight lang="ini">
[Security]
EAP-Method=PEAP
EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
EAP-PEAP-CACert=/var/lib/iwd/ca.pem
EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
EAP-PEAP-Phase2-Password=mypassword
 
[Settings]
Autoconnect=true
</syntaxhighlight>Replace the value in <code>EAP-Identity</code>, <code>EAP-PEAP-ServerDomainMask</code>, <code>EAP-PEAP-Phase2-Identity</code> and <code>EAP-PEAP-Phase2-Password</code> according to your university presets which can be acquired at [https://cat.eduroam.org cat.eduroam.org]. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file <code>/var/lib/iwd/ca.pem</code>.
 
=== iwd as backend for NetworkManager ===


If iwd is present, it can be used as a backend for NetworkManager through the following snippet.
If iwd is present, it can be used as a backend for NetworkManager through the following snippet.
Line 17: Line 51:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
networking.networkmanager.wifi.backend = "iwd";
networking.networkmanager.wifi.backend = "iwd";
</syntaxhighlight>
=== iwd as backend for Connman ===
Iwd could be use as a backend for Connman too.
<syntaxhighlight lang="nix">
services.connman.wifi.backend = "iwd";
</syntaxhighlight>
</syntaxhighlight>


Line 22: Line 64:


== Troubleshooting ==
== Troubleshooting ==
=== org.freedesktop.service failed ===
=== org.freedesktop.service failed ===
When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:
When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:
Line 33: Line 76:
}
}
</syntaxHighlight>
</syntaxHighlight>
=== rfkill blocks wireless device ===
If the wi-fi connection is blocked by rf-kill, it it is needed to unblock the the wireless device. A way to do that with Nix is by using  system.activationScripts.
<syntaxHighlight lang=nix>
{
  system.activationScripts = {
    rfkillUnblockWlan = {
      text = ''
      rfkill unblock wlan
      '';
      deps = [];
    };
  };
}
</syntaxHighlight>
[[Category:Applications]][[Category: Networking]]

Latest revision as of 15:08, 11 November 2024

iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.

Setup

iwd can be enabled with the following snippet.

networking.wireless.iwd.enable = true;

Usage

Connections can be managed using the provided iwctl tool.

Configuration

To configure iwd, you should use networking.wireless.iwd.settings option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:

{
  networking.wireless.iwd.settings = {
    IPv6 = {
      Enabled = true;
    };
    Settings = {
      AutoConnect = true;
    };
  };
}

For a detailed and up-to-date list of available settings, please reference the network daemon configuration docummentation, from kernel Git repo.

Eduroam (WPA2 Enterprise) network

Eduroam wireless networks need to get configured manually by creating following file /var/lib/iwd/eduroam.8021x:

[Security] 
EAP-Method=PEAP
EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
EAP-PEAP-CACert=/var/lib/iwd/ca.pem
EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
EAP-PEAP-Phase2-Password=mypassword

[Settings] 
Autoconnect=true

Replace the value in EAP-Identity, EAP-PEAP-ServerDomainMask, EAP-PEAP-Phase2-Identity and EAP-PEAP-Phase2-Password according to your university presets which can be acquired at cat.eduroam.org. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file /var/lib/iwd/ca.pem.

iwd as backend for NetworkManager

If iwd is present, it can be used as a backend for NetworkManager through the following snippet.

networking.networkmanager.wifi.backend = "iwd";

iwd as backend for Connman

Iwd could be use as a backend for Connman too.

services.connman.wifi.backend = "iwd";

Note that iwd is experimental and it does not have feature parity with the default backend, wpa_supplicant.

Troubleshooting

org.freedesktop.service failed

When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:

dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory

Your desktop manager may not enable some secrets management service you may need to enable one:

{
  services.gnome3.gnome-keyring.enable = true;
}

rfkill blocks wireless device

If the wi-fi connection is blocked by rf-kill, it it is needed to unblock the the wireless device. A way to do that with Nix is by using system.activationScripts.

{
  system.activationScripts = {
    rfkillUnblockWlan = {
      text = ''
      rfkill unblock wlan
      '';
      deps = [];
    };
  };
}